Motivation for Performance Tests

Whenever we make major changes to our server configuration or deploy new hardware, we run DNS performance tests on our authoritative-only name servers. If the tests are conducted in a similar manner each time, we get an indication of how well a specific platform performs.

Tools

Typically we use queryperf from the BIND source package (in the contrib directory) to measure UDP query performance. There are other tools, such as dnstcpbench from PowerDNS to measure TCP performance, and possibly more. "queryperf" requires an input file consisting of lines with a query name and a query type. A typical line would be "www.switch.ch A". We generate the input file from historic queries which have been sent to the authoritative-only name server. While the query names and query types mimic real-world data, the DNS queries that are actually sent do not. We typically test without EDNS0 and DNSSEC OK bit set.
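One way to build the queryperf input file from historic queries, as an added example that is not part of the original article. It assumes the history is a BIND 9 style query log (the sample lines are constructed) and keeps only the query name and type, so client addresses never reach the test file; `queryperf_lines` and its filters are hypothetical names.

```python
import re

# Constructed sample in BIND 9 query-log style (assumed format, documentation addresses).
SAMPLE_LOG = r"""
12-Mar-2024 10:00:01.123 client @0x7f0a 192.0.2.10#53211 (www.switch.ch): query: www.switch.ch IN A -E(0)DC (192.0.2.1)
12-Mar-2024 10:00:01.200 client @0x7f0b 198.51.100.7#40112 (switch.ch): query: switch.ch IN MX - (192.0.2.1)
12-Mar-2024 10:00:01.350 client @0x7f0c 203.0.113.5#1053 (WWW.Switch.CH): query: WWW.Switch.CH IN AAAA -E(0) (192.0.2.1)
12-Mar-2024 10:00:01.400 client @0x7f0d 203.0.113.5#1054 (version.bind): query: version.bind CH TXT - (192.0.2.1)
12-Mar-2024 10:00:01.500 zone switch.ch/IN: loaded serial 2024031201
12-Mar-2024 10:00:01.600 client @0x7f0e 192.0.2.10#53212 (ex\;ample.ch): query: ex\;ample.ch IN A - (192.0.2.1)
12-Mar-2024 10:00:01.700 client @0x7f0f 192.0.2.10#53213 (www.switch.ch): query: www.switch.ch IN A -E(0)DC (192.0.2.1)
"""

# "query: <name> <class> <type> <flags>" is the only part of the line we read.
QUERY_RE = re.compile(r"\bquery: (\S+) (\S+) (\S+) ")
# Conservative whitelist: plain labels only, so escaped or odd names are skipped.
NAME_RE = re.compile(r"^(?:[A-Za-z0-9_-]{1,63}\.)*[A-Za-z0-9_-]{1,63}\.?$")
TYPE_RE = re.compile(r"^[A-Z][A-Z0-9]*$")


def queryperf_lines(log_text, dedupe=False):
    """Return 'name type' lines for queryperf from a query log.

    Duplicates are kept by default so the name distribution of the
    historic traffic is preserved; dedupe=True keeps first occurrences only.
    """
    out, seen = [], set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query log line (e.g. zone load messages)
        name, qclass, qtype = m.groups()
        if qclass != "IN" or len(name) > 253:
            continue  # drop CHAOS probes such as version.bind
        if not NAME_RE.match(name) or not TYPE_RE.match(qtype):
            continue
        entry = f"{name.lower()} {qtype}"  # lowercase so dedupe is case-insensitive
        if dedupe and entry in seen:
            continue
        seen.add(entry)
        out.append(entry)
    return out


if __name__ == "__main__":
    print("\n".join(queryperf_lines(SAMPLE_LOG)))
```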

Test Preparation

Different server configurations can lead to different results. All our servers run local firewalls. However, we use stateless rules for DNS and even make use of the "raw" table in iptables to avoid connection tracking. If the server is logging DNS queries in some form (PCAP or query logging through the name server software), that can have a big impact as well.

The test client needs to be selected carefully as well. Latency has an impact on the measured performance, so it is best to select a client that is close to the server network-wise. If that is not possible, then adjusting the maximum value for the queue of outstanding queries (see -q) can help a little as well.